[Plugin: WP Security Scan] CAUTION: SCREWED-UP MY BLOG! (50 posts)

  1. raygene
    Member
    Posted 6 years ago #

    "Scans your WordPress installation for security vulnerabilities and suggests corrective actions."

    Was that meant to be an April Fool's joke? Being concerned about security, I downloaded this plugin, ran it, set my permissions to the "suggested corrective actions" and when trying to access my site, all I got were errors. I had to reset my permissions as best as I could and got it to work again.

    Either this is a bad joke or awfully written code by someone who doesn't have a clue as to what WP permissions should be.

    Gene

    http://wordpress.org/extend/plugins/wp-security-scan/

  2. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    What were the problems exactly? What permissions were incorrectly suggested?

    You downloaded a beta version, so before going off, if you're going to make a comment, make it constructive criticism.

  3. raygene
    Member
    Posted 6 years ago #

    The suggested permissions were:

    /wp-includes/ 0644
    /.htaccess 0644
    index.php 0644
    js/ 0644
    /wp-content/themes/ 0644
    /wp-content/plugins/ 0644
    /wp-admin/ 0644
    /wp-content/ 0644

    Kinda hard to make constructive criticism when something fouls up your blog. Thanks to this, I now have to hunt for the correct permissions for my 2.5 installation.

  4. whooami
    Member
    Posted 6 years ago #

    those are not the correct permissions. and honestly that's kind of a "lame" plugin as all it does is check something that you ought to be able to check since it expects you to change it. If you know how to change permissions, you know how to check them.

    directories == 755
    files == 644

    It's in the codex.

    furthermore, a "plugin" that's beta shouldn't be publicly available, (and if it is in beta, and you have it publicly available, expect to be held accountable for it, and not to be able to cry "beta!"). If you host a plugin on wordpress.org, tolerate the comments or move the plugin. There's no rule about anything needing to be constructive.
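
Added example (not part of the thread and not the plugin's code): a POSIX shell audit that flags anything deviating from the directories 755 / files 644 convention given in the post above, run on a constructed tree in which the directories from the earlier list are set to 0644, which strips the search (x) bit needed to enter them. The function names and the temporary tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The tree below is constructed; paths follow the list in the thread.
make_tree() {
  mt_root=$(mktemp -d)
  mkdir -p "$mt_root/wp-admin" "$mt_root/wp-includes/js" \
           "$mt_root/wp-content/themes" "$mt_root/wp-content/plugins"
  touch "$mt_root/index.php" "$mt_root/.htaccess" \
        "$mt_root/wp-admin/admin.php" "$mt_root/wp-includes/js/x.js"
  find "$mt_root" -type d -exec chmod 755 {} +
  find "$mt_root" -type f -exec chmod 644 {} +
  printf '%s\n' "$mt_root"
}

# Reproduce the reported suggestion: 0644 on directories, deepest first.
apply_suggested_0644() {
  chmod 644 "$1/wp-includes/js" "$1/wp-content/themes" "$1/wp-content/plugins"
  chmod 644 "$1/wp-includes" "$1/wp-content" "$1/wp-admin"
}

# Print entries that deviate from directories=755 / files=644.
# A deviating directory is reported and not descended into (-prune): without
# the x bit its contents cannot be examined by an unprivileged user anyway.
audit_tree() {
  find "$1" \( -type d ! -perm 755 -print -prune \) -o \
            \( -type f ! -perm 644 -print \)
}

# Fix what the audit reports, one nesting level per pass (bounded).
# Assumes no newlines in file names.
repair_tree() {
  rt_pass=0
  while [ "$rt_pass" -lt 20 ]; do
    rt_bad=$(audit_tree "$1")
    [ -z "$rt_bad" ] && return 0
    printf '%s\n' "$rt_bad" | while IFS= read -r rt_p; do
      if [ -d "$rt_p" ]; then chmod 755 "$rt_p"; else chmod 644 "$rt_p"; fi
    done
    rt_pass=$((rt_pass + 1))
  done
  return 1
}

demo=$(make_tree)
apply_suggested_0644 "$demo"
echo "Flagged after setting directories to 0644:"; audit_tree "$demo"
repair_tree "$demo" && echo "Clean after repair"
rm -rf "$demo"
```

Because the audit stops at the first non-755 directory on each branch, nested directories only show up once their parent has been corrected, which is why the repair runs in passes.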

  5. raygene
    Member
    Posted 6 years ago #

    Thanks Whooami,

    I was looking at Changing File Permissions and you made things a heck of a lot simpler for me.

    "furthermore, a "plugin" thats beta shouldn't be publicly available"

    That I do agree with, I am no guru but I did restore my blog by reversing the permissions to what I thought they were before but could you imagine a complete "Newbie" in this type of situation?

    I also assume that the author didn't bother to read the Codex, where the heck did he come up with 644 for everything (open up his PHP file and you'll see what I mean)? And yes, he should be held accountable for it and should also expect to be criticized when his "beta" crashes a blog.

    Thanks again, whooami, saved my day again.
    Gene

  6. raygene
    Member
    Posted 6 years ago #

    Forgot to mention, the description is quite vague:

    "Scans your WordPress installation for security vulnerabilities and suggests corrective actions."

    Doesn't say much, does it?

    Also, the FAQ says:

    A question that someone might have
    An answer to that question.

    What about foo bar?
    Answer to foo bar dilemma.

    LOL! A comedian on top of that... Maybe he missed his real calling?

    37 people downloaded it so far, sure hope they were savvy enough not to do the same I did...

    Cheers,
    Gene

  7. Len Kutchma
    Member
    Posted 6 years ago #

    sure hope they were savvy enough not to do the same I did

    If they did I'm sure we'll hear from them.

  8. raygene
    Member
    Posted 6 years ago #

    If they did I'm sure we'll hear from them

    LOL! I guess that most were smart enough not to go change their permissions or if they did, didn't post about it.

    Wonder who the heck gave this an "almost 3 star" rating?

  9. whooami
    Member
    Posted 6 years ago #

    well, interestingly enough the description of the plugin has changed at least 2x in the last 4 hours, perhaps, 3 times. I'm fairly sure there wasn't an "in beta" there the first time I clicked, then there was one, and going back now, it not only says "beta" but "use at own risk"

    lol.

    While I defend the right to complain, bitch, moan, etc after the fact.. I think everything that is downloaded off a web site is used at one's own risk.

  10. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    "Beta" was there, I added use at your own risk.

  11. whooami
    Member
    Posted 6 years ago #

    fair 'nuff, I probably missed it -- I wasn't looking very hard, admittedly.

  12. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    I figured as much. That's why I went and added the rest of the text, realizing that I didn't make it obvious enough this was a development version. My apologies to all who messed things up. If anyone needs me to fix their perms, send me an email at michael (at) semperfiwebdesign (dot) com and I'll take care of it.

  13. raygene
    Member
    Posted 6 years ago #

    My apologies to all who messed things up.

    NP but it almost gave me a heart attack. Error pages, blank pages, a real disaster.

    Good luck with the plugin, I saw that you made a couple of updates since, are you now using the Codex's default permissions?

    Cheers,
    Gene

  14. getwitit
    Member
    Posted 6 years ago #

    yeah..i should have read these comments before using this plugin. and another reason to Always Backup!! Glad I did. I see that there's a new update avail, but I'm scared...I sure do like the thought of having an app as such! Guess I'll wait for others to play with it before I take another crack at it.
    GetWitIT

  15. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    What problem did you have?

  16. raygene
    Member
    Posted 6 years ago #

    Yo Michael,

    I'm happy you're making progress with the plugin...

  17. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    Thank you. Feel free to email me with any suggestions, bugs, etc.

  18. Gary
    Member
    Posted 6 years ago #

    Hi guys

    I really like the sound of this plugin but am a little concerned of the problems stated above, Can anyone confirm this plugin is working fine now?

  19. kahleess
    Member
    Posted 6 years ago #

    It works great for me.

  20. Gary
    Member
    Posted 6 years ago #

    cool I'll give it a whirl

  21. genevaeagles
    Member
    Posted 6 years ago #

    Great Plugin, two concerns to mention though.
    1. after I changed the file permission it didn't change on the plugin site in the backend.
    2. seems to have a problem with the event calendar plugin and the CSS for my footer. In both cases the font was changed.

  22. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    genevaeagles,

    Thank you for using my plugin.

    Please start a thread or email me, and describe your situation in more detail. Include your WordPress version, WP Security Scan plugin version, plugins (with links), and browser.
    Almost all of the feedback that I've received via email has been very positive. I very much want to ensure that everyone finds this plugin useful.

    Later versions of the plugin include a link to a contact form that goes directly to me.

  23. genevaeagles
    Member
    Posted 6 years ago #

    So I'm using the newest WP 2.5 version. I saw your Plugin through the new Dashboard function and downloaded the latest version from the WP Plugin repository.

    As soon as I activated your Plugin I checked the security tab in the backend and changed the file permission of the files which didn't have a proper setting. When I came back to the tab and did a reload nothing changed...even when I did a log out and logged in again...no changes to the permission statements...even though the actual files were changed.

    Going to my front end I figured out that it probably doesn't work with the Event Calendar Plugin I'm using because the font style was changed and I didn't do any work on the CSS (the widget I'm using in my sidebar). This also happened with my footer although I don't see any relation to the Event Calendar Plugin.

    I still have your Plugin but deactivated it for the moment because it messes up those two fonts a bit but would really like to have it activated...because it's good.

    Hope this helps. Let me know if you need to know anything else.
    Great Plugin!

    Thx.

  24. rplazaro
    Member
    Posted 6 years ago #

    i'm a newbie and i know how it is to struggle with wordpress. i'll be watching this forum and until veteran users say it works great, i'll just hold on to that download.

  25. raygene
    Member
    Posted 6 years ago #

    Michael is constantly updating this plugin. Just wait till it's stable and I'm quite sure it'll be a great add-on.

    Cheers,
    Gene

  26. Michael Torbert
    WordPress Virtuoso
    Posted 6 years ago #

    99% of the feedback I get is positive.
    However, you can help by suggesting improvements, new features, reporting bugs, etc. Contact me at any time at semperfiwebdesign.com/contact

    I release updates often to keep this plugin as up to date as possible.

    Thank you to everyone so far who's given me support.

  27. touchnova
    Member
    Posted 5 years ago #

    I used the plugin as well, but it broke my site in IE once the plugin was activated and then, once I logged out of Admin, I couldn't get back in... just received MySQL error and had to manually delete the plugin folder via FTP. I will say that when I ran it, it told me that my permissions should be 755, not 644 as 'raygene' experienced.

    But the plugin still hosed my site and I had to remove it, bottom line.

  28. ClaytonJames
    Member
    Posted 5 years ago #

    I gave it a go just because Y'all said it broke stuff. (I like to break stuff). If it can be bent, broken, bruised or badly overheated, I'm your boy.

    As long as you use it, consider the results, and then deactivate it, it doesn't seem to break anything, (I feel a little cheated), but it didn't tell me anything I wasn't already aware of either. If you leave it activated and then log out and try to view your site, (IE7 and Firefox), it 404's "like Grant took Richmond"... figuratively speaking... but I had no problem logging back in. In all fairness, I tested version 2.2.56.14. Perhaps the future features will be more informative. Looks interesting enough.

  29. Michael Torbert
    WordPress Virtuoso
    Posted 5 years ago #

    touchnova and ClaytonJames,

    You are the exceptions. Most people have no issues with the plugin in the current version.
    Everyone who has emailed me that something didn't work in the current version also sent me their server settings. They almost always have uncommon or incorrect server settings.

    Anyone who has an issue with the plugin, please email me and I will take a look.

  30. ClaytonJames
    Member
    Posted 5 years ago #

    I upgraded to the latest version with the same results. Here is the only information output I can see, that may contain a common variable that causes the 404 symptom.

    # Operating System : Linux
    # Server : Apache
    # Memory usage : 9.23 MByte
    # MYSQL Version : 5.0.22
    # SQL Mode : Not set
    # PHP Version : 5.1.6
    # PHP Safe Mode : Off
    # PHP Allow URL fopen : On
    # PHP Memory Limit : 32M
    # PHP Max Upload Size : 2M
    # PHP Max Post Size : 8M
    # PHP Max Script Execute Time : 30s
    # PHP Exif support : Yes ( V1.4 )
    # PHP IPTC support : Yes
    # PHP XML support : Yes

    The only other constant, is that this is an upgrade to WP 2.5, and not a clean install. Frankly, I don't view it as a problem. Why would you need or want, to leave the plugin activated after viewing and acting on the information it provides anyhow? I'm still more interested to see the implementation of the future features than in the info it currently provides. Either way, it's not really an issue for me.

    Peace!!

Topic Closed

This topic has been closed to new replies.